|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
||
|
|
||
Note: All prices in US Dollars
|
||||||||
Click here and sign up for our Elder Care Tips monthly newsletter and receive 10 free recipes!
Identity thieves prey on patients' medical records
Updated 5/7/2008 11:31 AM
By Julie Appleby, USA TODAY
Doctors' offices, clinics and hospitals are a fruitful hunting ground for identity thieves, who are using increasingly sophisticated methods to steal patient information, lawyers and privacy experts say.
Recent disclosures that hospital workers snooped into the medical files of Maria Shriver, Britney Spears and George Clooney highlight the vulnerability of patients to the merely curious and the criminal.
Legal experts say lawbreakers use medical information to get credit card numbers, drain bank accounts or falsely bill Medicare and other insurers.
RECORDS: It's often hard for patients to get even their own files
Marc Rotenberg, executive director of the Electronic Privacy Information Center, says attention on identity theft has focused on how easily criminals can get financial records. "Now we're moving into an era where many of those same problems occur with medical records," he says.
Hospitals and other medical settings often encrypt data and take other steps to protect privacy, but "people are acting with increasing sophistication to steal information," says Stuart Gerson, a Washington, D.C.-based attorney who represents health care firms.
Those intent on crime "attempt to gain the assistance of insiders" and use new techniques to capture data from files, even those that are encrypted, he says.
Pam Dixon, executive director of the World Privacy Forum, an advocacy group, says "sophisticated crime rings" often can make more money by stealing medical identities than by going after individuals' bank accounts or credit cards. "If you steal someone's medical identity, then multiply that by 100 or 1,000" other thefts "and do fake billings, you can make hundreds of thousands, if not millions, of dollars," Dixon says.
In Florida last year, a front-desk coordinator at the Cleveland Clinic was convicted of identity theft, computer fraud and other charges after downloading patient information and selling it to a cousin, who submitted more than $2.5 million in phony bills to Medicare.
In April, a former New York-Presbyterian Hospital employee was arrested for participating in an identity theft scheme in which he allegedly accessed nearly 50,000 patient records over two years.
False information from fake billings can end up in patients' medical files — and creditors might seek payment from the patients. Until the creditors call, patients might not know their medical information has been accessed.
In a recent survey of 263 health care providers, 13% said their facility had experienced a data breach. Of those, 56% said they notified the patients involved, according to the survey by HIMSS Analytics, a non-profit data analysis firm, and Kroll Fraud Solutions, which offers security-related services.
In January, California began requiring that consumers receive notice when their medical information is improperly accessed. It is only the second state, besides Arkansas, to do so, Dixon says.
Similar legislation, written by Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., is being debated in Congress.
BASIC SAFEGUARDS
To guard against and deal with medical record theft:
•Check medical records or statements from your insurer for benefits paid under your name but not received.
•Monitor your credit report for collection notices from medical providers.
•File a police report if your information is stolen.
•Amend your records to correct misinformation.
Source: USA TODAY research
Medical Identity Theft Turns Patients Into Victims
By Michelle Andrews
U.S. News and World Report
Posted February 29, 2008
If identity thieves were to disregard your financial accounts and instead target your medical information, your first thought might well be, "Take my medical identity. Please." What nut would want your high cholesterol, trick knee, and family history of Alzheimer's? The answer is simple: one without health insurance who needs surgery or prescription drugs, or someone who sees a medical ID as the open sesame that will allow him or her to collect millions in false medical claims. These thieves don't actually want your medical ailments, of course, but by pretending to be you they can get what they're really after. Untangling the mess is hard: Unlike financial identity theft, there's no straightforward process for challenging false medical claims or correcting inaccurate medical records. For victims, the result can be thousands in unpaid charges, damaged credit, and bogus, possibly dangerous details cluttering up their medical records for years to come.
Medical identity theft currently accounts for just 3 percent of identity theft crimes, or 249,000 of the estimated 8.3 million people who had their identities lifted in 2005, according to the Federal Trade Commission. But as the push toward electronic medical records gains momentum, privacy experts worry those numbers may grow substantially. They're concerned that as doctors and hospitals switch from paper records to EMRs, as they're called, it may become easier for people to gain unauthorized access to sensitive patient information on a large scale. In addition, Microsoft, Revolution Health, and, just this week, Google have announced they're developing services that will allow consumers to to store their health information online. Consumers may not even know their records have been compromised. In January, a new law took effect in California that requires providers to let consumers know if their medical information has been "breached." But only a handful of other states spell out notification requirements regarding unauthorized release of patient medical data. In contrast, most states have so-called breach laws that address accidental disclosures of financial information; these may also apply to medical data in certain instances. This month, Democratic Reps. Ed Markey of Massachusetts and Rahm Emanuel of Illinois, with support from several privacy groups and Microsoft, introduced a bill that would strengthen safeguards protecting access to consumers' medical information and make it a federal requirement to notify patients if their healthcare data get exposed.
Brandon Reagin didn't realize someone had snatched his medical identity until his mother called to tell him he was the lead suspect in a car theft in South Carolina in 2005. The 22-year-old marine had lost his wallet more than a year earlier while celebrating with friends after completing boot camp at Parris Island, near Beaufort, S.C. After his training, he was posted to California. But in South Carolina, Reagin lived on, as an impostor used his military ID and driver's license to not only test-drive new cars and then steal them but also visit hospitals on several occasions to treat kidney stones and an injured hand, running up nearly $20,000 in medical charges. Reagin found out about the unpaid hospital bills when he asked for a credit report following the car theft. "It was horrible," he says. "And what made it worse is that no one really knew what to do when it first started happening."
Reagin got nowhere with local police, but with the help of a state senator, he finally connected with the U.S. attorney's office in South Carolina. Staff there notified the Secret Service, and Reagin's doppelgänger, a 30-something guy named Arthur Watts from a tiny Midlands town called Blythewood, was eventually arrested. Watts pleaded guilty last September to identity theft and is awaiting sentencing.
But for Reagin, now serving in Iraq, the case isn't closed. Because of the outstanding hospital bills, the state intercepted his $362 tax refund, money he has yet to see. And although the hospitals no longer dun him for the unpaid balances, he's still trying to clean up his credit. (In addition to racking up medical bills, Watts opened cellphone and other accounts in Reagin's name and stole another car.) There's another potential problem: The hospitals Watts used may have medical records in Reagin's name for treatment he never received. If he visits his family in South Carolina and needs medical attention, those records could complicate his treatment, even cause harm. And if those medical records someday become electronically linked to one big nationwide health information network, as envisioned by the Bush administration, some privacy experts worry it may be impossible to find and correct the errors once they percolate through the vast interconnected system. Others argue that the technology could actually make tracking errors easier. The reality is unclear.
JANUARY 8, 2007
NEWS & INSIGHTSBusinessWeek
Diagnosis: Identity Theft
For $60, a thief can buy your health records—and use them to get costly care. Guess who gets the bill
When Lind Weaver opened her mailbox one day in early 2004, she was surprised to find a bill from a local hospital for the amputation of her right foot. Surprised because the 57-year-old owner of a horse farm in Palm Coast, Fla., had never had worse than an ingrown toenail. After weeks of wrangling with the hospital's billing reps, Weaver finally stormed into the facility and kicked her heels up on the desk of the chief administrator. "Obviously, I have both of my feet," she told him.
Weaver eventually persuaded the hospital to drop the charges but in the process discovered that the mistake wasn't a simple billing error. Weaver's identity had been stolen by a fraudster who had used her personal information—her address, Social Security number, and even her insurance ID number—to have the expensive procedure performed. The nightmare didn't end there. When Weaver was hospitalized a year later for a hysterectomy, she realized the amputee's medical info was now mixed in with her own after a nurse reviewed her chart and said, "I see you have diabetes." (She doesn't.) With medical data expected to begin flowing more freely among health-care providers, Weaver now frets that if she is ever rushed to a hospital, she could receive improper care—a transfusion with the wrong type of blood, for instance, or a medicine to which she's allergic. "I now live in fear that if something ever happened to me, I could get the wrong kind of medical treatment," she says.
Weaver's experience isn't an isolated case. Medical identity theft—in which fraudsters impersonate unsuspecting individuals to get costly care they couldn't otherwise afford—is growing. Based on Federal Trade Commission surveys, Pam Dixon, executive director of the World Privacy Forum, a San Diego-based research group, estimates that more than 250,000 Americans have had their medical information stolen and misused in recent years. And this isn't petty larceny. Experts note that while individuals who have had their credit-card data stolen are usually wrangling with their banks over losses of as little as a few thousand dollars, medical ID theft can leave victims, and the doctors and hospitals that provided the care, staring at bills that are exponentially higher.
Yet the thief isn't always an individual desperately needing medical care. In some instances, the perpetrator can be a doctor hoping to pad his or her income by filing fraudulent claims. Even worse, law enforcement authorities say that more and more frauds are being perpetrated by organized crime rings who steal dozens, and sometimes thousands, of medical records, as well as the billing codes for doctors. The rings then set up fake medical clinics—offering free health screenings as a ruse to draw in patients—that submit bogus bills to insurers, collect payments for a few months, and then disappear before the insurers realize they've been had. (Dixon notes that health records now fetch $50 to $60 each on the black market, vs. a mere 7 cents for stolen résumés.)
Last year, California authorities busted a ring in Milpitas that recruited patients from a local senior citizen center with offers of a free checkup and a case of Ensure nutritional supplement. In the three months before authorities raided the clinic, the ring had billed $900,000 for diagnostic tests it had never performed. "Yesterday's drug dealers are now working in today's health-care fraud," says John Askins, an investigator in Florida's state insurance fraud division. "It's more lucrative, and they don't face the same dangers they do in the narcotics trade." The penalties, if they're caught, are lower, too.
Health-care providers say the Bush Administration's initiative to push doctors and hospitals to convert their paper-based patient files into digital records should help reduce the number of medical ID frauds. "Our software has become more sophisticated, particularly in identifying spikes in usage—someone who normally goes to the doctor once a year and suddenly goes 25 times in a 12-month period. It's a red flag," says Byron Hollis, national anti-fraud director for the Blue Cross Blue Shield Assn., a trade group for 39 health plans.
But some privacy advocates fear that the rush toward digital health records could ironically create new nightmares for victims of medical ID theft. Rather than residing in a single doctor's paper files, fraudulent information—such as the erroneous diabetes diagnosis in Lind Weaver's records—could circulate in other medical databases across the country. Given that some medical ID thefts are "inside jobs," wherein rogue clerks sell patient data to fraudsters on the outside, privacy advocates believe that allowing data to flow more freely around a national network could make such thefts even easier. "We can expect [medical ID theft] to grow the more we move toward an electronic health-care system. It's going to be a disaster," says Dr. Deborah Peel, an Austin (Tex.) psychiatrist and founder of the Patient Privacy Rights Foundation.
Even worse, it can be difficult for patients to purge any fraud from their records. While the Fair Credit Reporting Act gives victims of financial identity theft the right to see and try to correct any mistakes in their credit records, critics say that victims of medical ID theft don't have the same recourse. Health privacy laws "are limited and don't reflect the possibility of medical ID theft," notes Robert Gellman, a leading privacy consultant in Washington. "Negative information could just bounce around the system forever."
For some victims, the pain is real. Take the case of Joe Ryan. In early 2004, the 60-year-old owner of a Colorado sightseeing business (he flies passengers in a modern replica of a 1939 biplane) got a bill from a hospital outside Denver. The hospital was seeking $41,188 for surgery that Ryan says he hadn't had performed. Ryan called the hospital and, in time, realized that someone had stolen his personal information to pay for the surgery. Eventually, investigators traced the crime to a former clerk at a newspaper in which Ryan had placed an ad for his sightseeing business. "He asked for my Social Security number, and I now realize I shouldn't have given it to him," says Ryan.
When Ryan tried to correct his records, he discovered how difficult it can be for victims to clear their names. The hospital wouldn't let him see his own medical records when they determined that the signature on the driver's license Ryan handed them didn't match the signature that the perpetrator had used when he checked in. "They said I couldn't be Joe Ryan," he recalls. While the hospital eventually absorbed the loss, Ryan says he hasn't been able to completely erase the supposedly unpaid debt from his credit record. With his credit ruined, Ryan says he has had to pay a stiff interest rate—six points over the prime rate—when he refinanced his plane, and his insurance company has jacked up his premium. "It has been like a glacier moving over me," he says. "I'm just screwed because I'm going to lose my airplane, my business, and my credit rating."
In other instances, the thief can be a patient's own doctor. Debra Herritt discovered that after she and her husband began seeing a Boston psychiatrist, Richard P. Skodnek, in the 1990s. After two years of therapy, Herritt began receiving statements from her insurer, Blue Cross & Blue Shield Assn. of Massachusetts, showing that Skodnek had billed Blue Cross for sessions the Herritts had already covered. What's more, Herrit learned that Skodnek had also billed her son and daughter for psychiatric sessions that Debra says never occurred. "My children had never laid eyes on him," she says. Fortunately for Herritt, the feds were already on Skodnek's trail for defrauding other patients, and in 1996 the psychiatrist was convicted on 136 counts. Even then, Herritt says she spent the next couple of years trying to convince Blue Cross that her children had never been treated for depression. "It was an incredible invasion of their lives," Herritt says now. "I just pray this doesn't come back to haunt them somewhere down the road."
`YOU'D BE ASTONISHED'
Law enforcement authorities complain that many health-care facilities do too little to protect their patient data. Case in point: In September, federal authorities arrested a scheduling clerk at the Cleveland Clinic's Weston (Fla.) hospital who allegedly had passed on the personal identification information of more than 1,100 patients to her cousin—who in turn submitted $2.8 million in false claims to Medicare. "Hospitals have done a poor job of implementing security procedures on their computer systems," says one federal investigator. "You'd be astonished how many people have access to your medical records." (Cleveland Clinic officials say they notified law enforcement officials when fraud was detected in June, and say they've since conducted an internal risk assessment to prevent such a problem in the future.)
In their defense, health-care executives say they've taken steps in recent years to deter identity thieves. Some hospitals, for instance, have begun reprogramming their computer systems to restrict staffers from accessing any patient data beyond what they need to do their jobs. And some have instituted procedures to ensure patients are who they claim to be.
Among them is the University of Connecticut Health Center in Farmington. After one patient impersonating a distant relative gained admittance and ran up more than $76,000 in bills in his cousin's name, hospital administrators two years ago began requiring anyone seeking treatment to produce a picture ID. "We've since had instances where patients say, I left my ID in the car,' then leave and never return," says Marie Whalen, the center's assistant vice-president for ambulatory services. And beginning next March, Whalen says the center will begin scanning these picture IDs into their files to help staffers confirm each patient's identity on subsequent visits. "Most people are fine with that," she says. Indeed, it may be a small price to pay to avoid ID theft.
|
||||||
Contact Us | For Sale | Want Ads | Forum
FAQs | Policies | Links | Sitemap
mailto:info@secretsofeldercare.com
 |